Sometimes complex problems require complex solutions. And sometimes those complex solutions cause even more complex problems. However, this cycle can be eliminated altogether by adhering to the one cardinal rule that we all learned in grade school: show your work!
Take Bob, for example. Bob is a higher education IT professional tasked with solving how to manage the ever-increasing volume and complexity associated with the user populations and access controls across the university. This is an extremely common yet intricate problem that often leads to building custom scripts, or a series of individual commands used to execute a particular task.
Unfortunately, scripts are rarely sustainable in the long term, and using them may have a much broader impact on the college or university as a whole. Because scripts are static and written to solve a single problem, they don’t evolve with the institution’s changing identity and access management requirements.
Let’s take a look at why relying on custom scripts leaves higher education vulnerable, and how showing your work is the simple solution that leads to long-term strategy success.
The Problem with Custom Scripts and Homegrown Solutions
Typically, IT teams in higher education are thinly stretched, and governing users and their access is a low-value, high-effort proposition. Higher education institutions have unique identity and access needs, including complex user populations, non-hierarchical structures, and users with multiple roles or affiliations. In addition, the IT department must on-board and off-board thousands of users at once.
Once the challenge is identified and understood, it is assigned to someone within the IT department to come up with a solution. Now, back to Bob. It seems like every IT team has a Bob: a brilliant mind who is tasked with solving the automation challenge around user provisioning and access management. Bob could be on the IT Security team, the Systems team, or even the Applications team.
Here’s the good news: Bob really is that brilliant and is able to provide an answer in the form of some clever scripting he built from the ground up that allows for automated user account provisioning, de-provisioning, and group management. Bob spends endless hours fine-tuning his homegrown system of scripts and it works like a charm!
Fast forward a couple of months, and tens of thousands of accounts are automatically created, synced, and disabled without anyone else having to lift a finger. And the even better news? It didn’t cost the institution a dime. Bob is a hero.
Here’s the bad news: Bob doesn’t show his work. Everything that he scripts, manages, and maintains follows only the logic that makes sense in his head, and he is never required to document the solution. It just works, so the answer is right. And it works well for as long as Bob is around.
Here’s the worst news: Bob got hit by a bus.
Now this bus is (usually) strictly metaphorical. The Bobs I hear about from prospects and customers may be nearing the end of their careers and retiring in a month. Or, Bob may have taken another job and left the college or university altogether.
Even if Bob is young, stays at the institution, and is incredibly committed to being available for changes 24/7, the entirety of the college IT system is carried by a single person. So, what happens when Bob calls in sick or has an emergency? There won’t be anyone else who can maintain the systems he put in place.
Regardless of what “bus” hit Bob, the fact remains that while Bob may be gone, his system remains behind, and no one else knows how it works. And when the time comes for necessary adjustments or troubleshooting? Tough luck.
In my eight years in this industry, I have come across too many Bobs to be able to keep count. One Bob actually developed his system in a scripting language that he created himself and no one else knew. The system was brilliant. But it literally would have been easier to decipher if it had been written in Klingon (at least somebody else knows Klingon).
From Legacy Solutions to Modern Identity and Access Management
So, what is a poor technology leader supposed to do in the wake of that bus’s exhaust fumes?
Colleges and universities have been turning to commercial off-the-shelf (COTS) Identity & Access Management (IAM) and Identity Governance & Administration (IGA) products to replace Bob’s homegrown system. The main benefits of these solutions are that they are documented, supported, and implemented to best practice standards. While it does cost money to invest in these solutions, they are scalable, sustainable, and provide more robust features and functionalities than homegrown scripts. Perhaps most importantly, IAM/IGA solutions outlive any new Bobs that may be tasked with administering them, so they easily achieve the desired ROI.
Now comes the hard part of determining which COTS offering is right for the specific needs of your institution.
The first generation of IAM/IGA products provided high amounts of control and flexibility to allow each institution to tailor the solution based on their specific data, processes, and needs. These legacy offerings were delivered as on-premises solutions and were a significant step forward for anyone looking to get away from the homegrown scripts.
However, even though these legacy solutions were supported, they were on-premises installs, so a heavy burden fell on the college or university to maintain them. Responsibilities that fell upon that same thinly stretched IT team included infrastructure, updating, patching, modifying, upgrading, and more.
Over the past decade, this burden of responsibilities led the market to follow the larger trend of IT in higher education and make a move to the cloud. Now, modern solutions leverage an Identity-as-a-Service (IDaaS) model of software development and implementation that removes these burdens. As with any SaaS offering, elements such as the hosting, maintenance, and security of the infrastructure and solution are all offloaded to and owned by the vendor.
Powered by Amazon Web Services (AWS), RapidIdentity Cloud is one such example of a modern IAM solution that serves higher education institutions across the world. RapidIdentity Cloud has all the power and flexibility of the legacy on-premises solutions, but removes the administrative headache and costs associated with data center hosting and upkeep.
Another benefit of the IDaaS model is that as new features are developed, they are added directly to the existing solution without any intervention from college or university staff. A modern IDaaS solution doesn’t grow stale due to competing priorities demanding focus and attention, but rather, it dynamically improves and becomes more powerful.
Now is the Time to Transition to the Comprehensive Functionality Your Institution Requires
For nearly a decade, I have worked with countless colleges and universities who have lived some version of the Bob story. If Bob is still around, then there is no immediate pain because Bob’s solution masks the problem.
However, since Bob doesn’t show his work, it’s usually only a matter of time before we are having the same conversation. In my experience, the institutions that have been the most successful are the ones who get ahead of the bus.